
Wordpress Duplicator works fine, duplicator pro not so much

Discussion in 'Blogs & CMS usage' started by niamniamniam, Mar 29, 2019.

  1. niamniamniam

    Hi! I've been using centmin for 3 years now, and it's always been my go-to stack for wp.
    But a client recently bought the duplicator pro plugin and I'm at a loss...
    I use duplicator free on all my sites, it's always worked perfectly, but the pro version doesn't let the zip file be downloaded from the server via browser.
    First I thought it was because duplicator pro has a different default storage folder than the free version (the free one saves on wp-snapshots and the pro on the backups-dup-pro inside wp-content) so I changed the pro one to the folder, thinking it may be something about permissions. No dice.
    I tried everything, messed with the .autoprotect-bypass, creating a new similar entry on wpsecure_mydomain.com.conf with code similar to the duplicator free one, like so

    Code:
    # Whitelist Exception for https://wordpress.org/plugins/duplicator/
    location ~ ^/wp-content/plugins/duplicator-pro/ {
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/loja.space/wpsecure_loja.space.conf
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpwhitelist_common.conf;
    }
    
    and nothing seems to work here. Is there anyone that uses duplicator-pro and can download from browser?
     
  2. eva2000

    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf, where vhostname is your domain name, blocks php scripts from executing in wp-content for security.

    In the links below you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.

    If on Centmin Mod 123.09beta01, you may have run into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community. Your uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks' web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users' feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has an include file for autoprotect, for example:
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    See if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry:
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught, you can whitelist it via an autoprotect bypass .autoprotect-bypass file - details below here. So if the problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting the author of the script and if so, you can whitelist it and re-run the autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file:
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    It may be that you also need to whitelist /subdirectory; then it would be as follows, creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass:
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    Then double check to see if the updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js.
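
The lookup described in the post above (which autoprotect entry denies a given URL) can be scripted. This is an added example, not part of the original post and not Centmin Mod code; it parses an include file in the format quoted there. The function names, the sample file and its backups-dup-pro entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. Assumes the two-line layout shown above:
#   "# <directory on disk>" then "location ~* <regex> { ... deny all; }"
# Handles simple prefix regexes such as ^/subdirectory/js/ only; nginx uses
# PCRE and awk uses ERE, so unusual patterns may compare differently.

# autoprotect_hits CONF URI
# Prints the on-disk directory of every deny-all location whose regex matches
# URI, case-insensitively like nginx "~*".
autoprotect_hits() {
  awk -v uri="$2" '
    /^[ \t]*#[ \t]*\// { sub(/^[ \t]*#[ \t]*/, ""); dir = $0; next }
    $1 == "location" && $2 == "~*" && /deny[ \t]+all;/ {
      if (tolower(uri) ~ tolower($3)) print dir
      dir = ""
    }
  ' "$1"
}

# bypass_plan CONF URI
# Prints, without running them, the touch commands from the post for each
# matching directory, to review once the directory is confirmed to be public.
bypass_plan() {
  autoprotect_hits "$1" "$2" | while IFS= read -r d; do
    printf 'touch %s/.autoprotect-bypass\n' "$d"
  done
}

# Constructed sample include file: the first entry is the one quoted in the
# post; the second is hypothetical and only illustrates the lookup.
make_sample_conf() {
  cat > "$1" <<'EOF'
# /home/nginx/domains/domain.com/public/subdirectory/js
location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
# /home/nginx/domains/domain.com/public/wp-content/backups-dup-pro
location ~* ^/wp-content/backups-dup-pro/ { allow 127.0.0.1; deny all; }
EOF
}

sample=$(mktemp)
make_sample_conf "$sample"
bypass_plan "$sample" /wp-content/backups-dup-pro/archive.zip
rm -f "$sample"
```

On a real server, pass the path of the autoprotect include file and the URL path that returns 403 in place of the sample file.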
     
  3. fabianski

    In /usr/local/nginx/conf/conf.d/ edit the file of your domain, commenting out (#) this line:
    include /usr/local/nginx/conf/autoprotect/YOURDOMAIN/autoprotect-YOURDOMAIN.conf

    After restoring the backup, remove the #

    It worked for me ...
     
  4. EckyBrazzz

    @fabianski Nice site you have, but remove the "Just another WordPress site" from it! ;)
     
  5. fabianski

    I don't understand.
     
  6. EckyBrazzz

    See the link in the first post. It shows the link on your site.
    Code (Text):
    # whitelist php processing access at /usr/local/nginx/conf/wpincludes/<privado>/wpsecure_<privado>.conf
    

    HTML:
    <a href="https://<privado>/" title="<privado> - Just another WordPress site" rel="home">
     
  7. fabianski

    Ah yes, but it isn't mine, it's the post author's.
     